Selling Your Clients’ Secrets on Craigslist?

If you’re like a lot of people, you can’t wait for the newest and coolest smartphone to be released (and then to rub it in the collective faces of your friends, co-workers and kids). The problem is the cost: the base iPhone 6 is $199. So why not sell your old phone and offset some of that cost? A used iPhone might get you $50 to $100 on Craigslist or eBay. The catch is that a “factory reset” likely won’t permanently delete your data.

It has been widely reported that a security software firm called Avast bought 20 used smartphones on eBay and attempted to extract data from these “wiped” phones. Using its forensic tools, the firm was able to recover 40,000 photos, many of which would likely cause significant embarrassment. More importantly, Avast was also able to extract numerous other files that were located on the smartphones.

Obviously, this highlights the need to ensure that your data has really been deleted (i.e., is not recoverable with forensic extraction tools). Avast’s work also raises two other very important issues. First, our smartphones are literally hand-held computers and contain information that is sensitive and often client-confidential. Accordingly, security policies and practices for smartphones should be consistent with a company’s network security policies and procedures. Second, cyber-attacks and data loss are not always due to a mysterious hacker in a basement far away trying to locate weak points in your company network. They are often due to carelessness and a lack of knowledge about how things are stored (and “deleted”) on your smartphone.